
shibboleth-dev - Re: Metadata 2.0

Subject: Shibboleth Developers

  • From: Nate Klingenstein <>
  • To:
  • Subject: Re: Metadata 2.0
  • Date: Thu, 13 Dec 2007 15:16:34 +0000

Franck,

> I am trying to change our test bed from 1.3 to 2.0. At a first try, I wrote a new metadata file using Scott's example found in the SP 2.0 package. Unfortunately the namespaces are missing and there is only an example for the IdP.


This is for two reasons.  First, an SP doesn't need to load its own metadata since it only communicates with the IdP.  We included an IdP example so that if necessary the SP deployer could write metadata for their partners by hand.

Why no SP example, then?  The 2.0 SP includes a dynamic metadata generation handler for every application at, for example, https://yourhost.org/Shibboleth.sso/Metadata.  It will attempt to synthesize accurate metadata for itself based on all its configuration files.  Give it a try.

> Furthermore, I saw in your testshib metadata that there are now two different kinds of identifier in the metadata:
>
> 1) <md:...
>
> 2) embedded namespace identifier --> xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
>
> Which one is preferable to use?


This is primarily due to a poor implementation of the metadata validator that's applied post XML edit.  Stick to the embedded namespaces and avoid using TestShib as an example of anything.  See for a better example:


> I would like to test the new features like XML encryption. Can you please send me an example of working 2.0 metadata with the new features enabled?


Encryption should be enabled by default for our implementation of the 2.0 browser SSO profile, but this was added to a fairly recent revision of the IdP and I haven't tested it myself yet.

> I am also prepared to place an example of metadata in the shib wiki. And start with some documentation. Where should this be placed?


Probably somewhere on the https://spaces.internet2.edu/display/SHIB2/Configuration and https://spaces.internet2.edu/display/SHIB2/UnderstandingShibboleth pages.  The fundamental model here is changing quite a bit in conceptual approach to reflect the new metadata generation handlers and to accommodate different deployment parameters, but a basic start would probably be useful.

Thanks a lot for contributing,
Nate.
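
An added example, not part of the original message or of Shibboleth's code: the two notations asked about above (`md:` prefix versus a default `xmlns`) name the same elements to a namespace-aware parser, so a metadata check should match on the namespace URI rather than on the prefix text. The sketch also reports whether each role publishes a key usable for encryption; in SAML 2.0 metadata a `KeyDescriptor` with no `use` attribute serves both signing and encryption. The entity IDs and both documents are constructed, abbreviated samples.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ROLES = ("IDPSSODescriptor", "SPSSODescriptor")

# Constructed sample: prefixed notation (<md:...>), signing-only key.
PREFIXED = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo/></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: default-namespace notation, key with no "use" attribute.
DEFAULT_NS = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"/></KeyDescriptor>
  </SPSSODescriptor>
</EntityDescriptor>"""


def summarize(xml_text):
    """Return entityID and per-role key usage, matching on namespace URI only."""
    root = ET.fromstring(xml_text)
    # ElementTree expands every name to "{namespace-uri}local", so the prefix
    # chosen by the metadata author never appears in the comparison.
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"not a SAML 2.0 EntityDescriptor: {root.tag}")
    roles = {}
    for name in ROLES:
        for role in root.findall(f"{{{MD}}}{name}"):
            uses = [kd.get("use") for kd in role.findall(f"{{{MD}}}KeyDescriptor")]
            roles[name] = {
                # A missing "use" attribute (None) means the key covers both uses.
                "signing": any(u in (None, "signing") for u in uses),
                "encryption": any(u in (None, "encryption") for u in uses),
            }
    return {"entityID": root.get("entityID"), "roles": roles}


if __name__ == "__main__":
    for doc in (PREFIXED, DEFAULT_NS):
        print(summarize(doc))
```

An element with the right local name but no namespace declaration is rejected, which is the failure the original poster describes when "the namespaces are missing".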


